Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: organizing, by a security virtualization system implemented by a multi-access edge compute (“MEC”) server, a set of devices into a plurality of different device groups, wherein each device of the set of devices is separate from and communicatively coupled to the MEC server and wherein each device group of the plurality of different device groups is associated with a different security policy; identifying, by the security virtualization system, a security policy for a particular device of the set of devices, wherein the security policy is identified as a particular security policy associated with a particular device group to which the particular device is assigned by the organizing of the set of devices; intercepting, by the security virtualization system, data transmitted to the particular device from an application server; applying, by the security virtualization system, a security service to the intercepted data in accordance with the security policy identified for the particular device; and delivering, by the security virtualization system to the particular device subsequent to the applying of the security service, sanitized data that corresponds to the intercepted data and has been sanitized by way of the security service, the delivering of the sanitized data performed by way of a secure connection between the security virtualization system and the particular device.
2. The method of claim 1, further comprising providing, by the security virtualization system to a data storage repository, a dataset associated with the intercepted data transmitted to the particular device from the application server, the dataset configured for use as part of a training dataset used in connection with a machine learning technology to update the security policy for subsequent data transmitted to the particular device from the application server.
3. The method of claim 1, further comprising receiving, by the security virtualization system from the particular device, a request to access the data transmitted from the application server; wherein the identifying of the security policy for the particular device is performed in response to the receiving of the request.
4. The method of claim 1, wherein the organizing of the set of devices into the plurality of different device groups is performed based on general device characteristics of individual devices within the set of devices, such that each device group includes all of the devices of a particular make, model, and software version and only devices of the particular make, model, and software version.
5. The method of claim 1, wherein the organizing of the set of devices into the plurality of different device groups is performed based on security-related characteristics of individual devices within the set of devices, such that a particular device group includes at least two devices that have general device characteristics distinct from one another.
6. The method of claim 1, wherein the organizing of the set of devices into the plurality of different device groups is performed based on security-related characteristics of individual devices within the set of devices, such that a first device having particular general device characteristics and a second device having the particular general device characteristics are each included in different device groups.
7. The method of claim 1, wherein the method further comprises: dynamically organizing, by the security virtualization system, the set of devices into a plurality of different security-centric device groups based on security-related characteristics of individual devices within the set of devices, and dynamically organizing, by the security virtualization system, the set of devices into a plurality of different management-centric device groups based on general device characteristics of the individual devices within the set of devices.
8. The method of claim 1, wherein: the applying of the security service to the intercepted data includes analyzing the intercepted data to verify that the intercepted data does not include malicious data configured to compromise security of an application for which the particular device is being used; and the delivering of the sanitized data that corresponds to the intercepted data includes transmitting the intercepted data to the particular device subsequent to the analyzing of the intercepted data to verify that the intercepted data does not include the malicious data.
9. The method of claim 1, wherein: the applying of the security service to the intercepted data includes analyzing a data traffic pattern for data transmitted to the particular device to verify that the intercepted data is not anomalous in a manner indicative of a device intrusion attempt; and the delivering of the sanitized data that corresponds to the intercepted data includes transmitting the intercepted data to the particular device subsequent to the analyzing of the data traffic pattern to verify that the intercepted data is not anomalous in the manner indicative of the device intrusion attempt.
10. A system comprising: a memory storing instructions; and a processor implemented within a multi-access edge compute (“MEC”) server, the processor communicatively coupled to the memory and configured to execute the instructions to: organize a set of devices into a plurality of different device groups, wherein each device of the set of devices is separate from and communicatively coupled to the MEC server and wherein each device group of the plurality of different device groups is associated with a different security policy, identify a security policy for a particular device of the set of devices, wherein the security policy is identified as a particular security policy associated with a particular device group to which the particular device is assigned by the organizing of the set of devices, intercept data transmitted to the particular device from an application server, apply a security service to the intercepted data in accordance with the security policy identified for the particular device, and deliver, to the particular device subsequent to the applying of the security service, sanitized data that corresponds to the intercepted data and has been sanitized by way of the security service, the delivering of the sanitized data performed by way of a secure connection between the system and the particular device.
11. The system of claim 10, wherein the processor is further configured to execute the instructions to provide, to a data storage repository, a dataset associated with the intercepted data transmitted to the particular device from the application server, the dataset configured for use as part of a training dataset used in connection with a machine learning technology to update the security policy for subsequent data transmitted to the particular device from the application server.
12. The system of claim 10, wherein: the processor is further configured to execute the instructions to receive, from the particular device, a request to access the data transmitted from the application server; and the identifying of the security policy for the particular device is performed in response to the receiving of the request.
13. The system of claim 10, wherein the organizing of the set of devices into the plurality of different device groups is performed based on general device characteristics of individual devices within the set of devices, such that each device group includes all of the devices of a particular make, model, and software version and only devices of the particular make, model, and software version.
14. The system of claim 10, wherein the organizing of the set of devices into the plurality of different device groups is performed based on security-related characteristics of individual devices within the set of devices, such that a particular device group includes at least two devices that have general device characteristics distinct from one another.
15. The system of claim 10, wherein the organizing of the set of devices into the plurality of different device groups is performed based on security-related characteristics of individual devices within the set of devices, such that a first device having particular general device characteristics and a second device having the particular general device characteristics are each included in different device groups.
16. The system of claim 10, wherein the processor is further configured to execute the instructions to: dynamically organize the set of devices into a plurality of different security-centric device groups based on security-related characteristics of individual devices within the set of devices, and dynamically organize the set of devices into a plurality of different management-centric device groups based on general device characteristics of the individual devices within the set of devices.
17. The system of claim 10, wherein: the applying of the security service to the intercepted data includes analyzing the intercepted data to verify that the intercepted data does not include malicious data configured to compromise security of an application for which the particular device is being used; and the delivering of the sanitized data that corresponds to the intercepted data includes transmitting the intercepted data to the particular device subsequent to the analyzing of the intercepted data to verify that the intercepted data does not include the malicious data.
18. The system of claim 10, wherein: the applying of the security service to the intercepted data includes analyzing a data traffic pattern for data transmitted to the device to verify that the intercepted data is not anomalous in a manner indicative of a particular device intrusion attempt; and the delivering of the sanitized data that corresponds to the intercepted data includes transmitting the intercepted data to the particular device subsequent to the analyzing of the data traffic pattern to verify that the intercepted data is not anomalous in the manner indicative of the device intrusion attempt.
19. A non-transitory computer-readable medium storing instructions that, when executed, direct a processor of a computing device to: organize a set of devices into a plurality of different device groups, wherein each device of the set of devices is separate from and communicatively coupled to the computing device and wherein each device group of the plurality of different device groups is associated with a different security policy; identify a security policy for a particular device of the set of devices, wherein the security policy is identified as a particular security policy associated with a particular device group to which the particular device is assigned by the organizing of the set of devices; intercept data transmitted to the particular device from an application server; apply a security service to the intercepted data in accordance with the security policy identified for the particular device; and deliver, to the particular device subsequent to the applying of the security service, sanitized data that corresponds to the intercepted data and has been sanitized by way of the security service, the delivering of the sanitized data performed by way of a secure connection between the computing device and the particular device.
20. The non-transitory computer-readable medium of claim 19, wherein the instructions further direct the processor to provide, to a data storage repository, a dataset associated with the intercepted data transmitted to the particular device from the application server, the dataset configured for use as part of a training dataset used in connection with a machine learning technology to update the security policy for subsequent data transmitted to the particular device from the application server.
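The pipeline the claims describe (grouping devices management-centrically by make/model/version and security-centrically by a security-related characteristic, resolving a per-group policy, then applying a content check per claim 8 and a traffic-pattern check per claim 9 before delivery) as an added Python model. This is illustrative code written for this page, not code from the patent or its assignee; the `exposure` attribute, the `POLICIES` table, the blocked tokens and the size-ratio threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Device:
    dev_id: str
    make: str
    model: str
    version: str
    exposure: str  # constructed security-related characteristic (claims 5-7)

def management_group(d: Device) -> str:
    # Claim 4 style: exactly one group per make, model and software version
    return f"{d.make}/{d.model}/{d.version}"

def security_group(d: Device) -> str:
    # Claims 5-6 style: grouped by a security-related characteristic only
    return d.exposure

def organize(devices: List[Device], key: Callable[[Device], str]) -> Dict[str, List[str]]:
    groups: Dict[str, List[str]] = defaultdict(list)
    for d in devices:
        groups[key(d)].append(d.dev_id)
    return dict(groups)

# Constructed policy table: one policy per security-centric group (claim 1)
POLICIES = {
    "internet-facing": {"blocked_tokens": (b"<script", b"../"), "max_ratio": 3.0},
    "internal": {"blocked_tokens": (b"../",), "max_ratio": 10.0},
}

class SecurityVirtualization:
    """Models the MEC-hosted security virtualization system of claim 1."""
    def __init__(self, devices: List[Device]):
        self.devices = {d.dev_id: d for d in devices}
        self.history: Dict[str, List[int]] = defaultdict(list)  # delivered sizes

    def policy_for(self, dev_id: str) -> dict:
        return POLICIES[security_group(self.devices[dev_id])]

    def apply_service(self, dev_id: str, payload: bytes) -> Tuple[Optional[bytes], str]:
        pol, hist = self.policy_for(dev_id), self.history[dev_id]
        # Claim 8: reject intercepted data carrying policy-blocked content
        if any(tok in payload for tok in pol["blocked_tokens"]):
            return None, "malicious-content"
        # Claim 9: reject a payload far larger than this device's delivery baseline
        if len(hist) >= 3 and len(payload) > pol["max_ratio"] * mean(hist):
            return None, "anomalous-traffic"
        hist.append(len(payload))
        return payload, "delivered"  # sanitized data released to the device
```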
May 31, 2022